Managing Auditing in Oracle® Solaris 11.4
Updated: November 2020
Index
Numbers and Symbols
+ (plus sign) in audit class prefixes
Audit Class Syntax
How to Configure syslog for the audit_syslog Plugin
- (minus sign)
audit class prefix
Audit Class Syntax
[] (square brackets)
auditrecord output
Audit Record Analysis
^ (caret)
audit class prefix modifier
Audit Class Syntax
in audit class prefixes
How to Configure a User's Audit Characteristics
A
ACLs
setting audit entries
Setting Audit ACL Entries
(example of)
Setting Audit ACL Entries
active audit policy
temporary audit policy
How to Change Audit Policy
adding
audit classes
How to Add an Audit Class
audit file systems
How to Create ZFS File Systems for Audit Files
audit policy
How to Change Audit Policy
auditing
of individual users
Volume of Audit Records Is Large
How to Configure a User's Audit Characteristics
of zones
Concepts in Planning Auditing
plugins
auditing
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
How to Configure syslog for the audit_syslog Plugin
temporary audit policy
Setting a Temporary Audit Policy
admhist command
New Feature – Viewing a Summary of Audit Records
New Feature – Filtering Audit Records by Functional Area
New Feature – Per-Privilege Logging of Audit Events
administering auditing
audit -s command
Example: Configuring Oracle Solaris Auditing
Enabling and Disabling the Audit Service
audit -t command
Enabling and Disabling the Audit Service
audit classes
Audit Classes and Preselection
audit events
Audit Events
audit files
Viewing the Contents of Binary Audit Files
audit records
Audit Records and Audit Tokens
audit trail overflow prevention
Preventing Audit Trail Overflow
audit_remote plugin
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
audit_syslog plugin
How to Configure syslog for the audit_syslog Plugin
auditconfig command
How to Preselect Audit Classes
Configuring the Audit Service
auditreduce command
How to Merge Audit Files From the Audit Trail
configuring
Configuring the Audit Service
cost control
Controlling Auditing Costs
description
Flow of Auditing
disabling
Enabling and Disabling the Audit Service
efficiency
Auditing Efficiently
enabling
Enabling and Disabling the Audit Service
in zones
Auditing and Oracle Solaris Zones
Configuring the Audit Service in Zones
Planning Auditing in Zones
Auditing on a System With Oracle Solaris Zones
plugins
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
policy
How to Change Audit Policy
praudit command
Viewing the Contents of Binary Audit Files
reducing space requirements
Cost of Storage of Audit Data
refreshing
Example: Configuring Oracle Solaris Auditing
reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles required
Rights Profiles for Administering Auditing
ahlt audit policy
description
Effects of Audit Policy Options
setting
Setting the ahlt Audit Policy Option
with cnt policy
Audit Policies for Asynchronous and Synchronous Events
all audit class
caution for using
Audit Classes
always-audit classes
process preselection mask
Process Audit Characteristics
Analytics
auditing data and
New Feature – Displaying Auditing Data Graphically
annotations
New Feature – Annotating Reason for Access in the Audit Record
configuring
for authenticated rights profiles
Configuring Annotation for Specific Users
for rights profiles
Configuring Annotation for Specific Users
for specific users
Configuring Annotation for Specific Users
configuring for all users
Configuring Annotation for All Users
PAM support
PAM Supports Annotation of Logins
tracking in an audit trail
Tracking Annotations in an Audit Trail
archiving
audit files
Preventing Audit Trail Overflow
arge audit policy
description
Effects of Audit Policy Options
setting
How to Audit All Commands by Users
argv audit policy
description
Effects of Audit Policy Options
setting
How to Audit All Commands by Users
ARS
See audit remote server
asynchronous audit events
Audit Policies for Asynchronous and Synchronous Events
audit -s command
Example: Configuring Oracle Solaris Auditing
Example: Configuring Oracle Solaris Auditing
Enabling and Disabling the Audit Service
audit -t command
Enabling and Disabling the Audit Service
audit characteristics
audit user ID
Process Audit Characteristics
processes
Process Audit Characteristics
session ID
Process Audit Characteristics
terminal ID
Process Audit Characteristics
user process preselection mask
Process Audit Characteristics
audit classes
adding
How to Add an Audit Class
configuration
Audit Classes
cusa
Collecting Audit Records for External Auditors
description
Audit Events
Audit Terminology and Concepts
displaying configured
New Feature – Listing the Available Audit Classes
displaying defaults
Displaying Audit Service Defaults
exceptions to system-wide settings
Audit Classes and Preselection
mapping events
Audit Classes and Preselection
modifying default
How to Add an Audit Class
overview
Audit Classes and Preselection
pe audit class
New Feature – Per-Privilege Logging of Audit Events
per-plugin configuration
New Feature – Flexible Per-Plugin Configuration of Audit Classes
post-selection
Audit Terminology and Concepts
prefixes
Audit Class Syntax
preselecting
effect on public objects
Audit Terminology and Concepts
for failure
Specifying Audit Classes for syslog Output
How to Configure syslog for the audit_syslog Plugin
Modifying Audit Preselection Exception for One User
for success
Specifying Audit Classes for syslog Output
How to Configure syslog for the audit_syslog Plugin
Modifying Audit Preselection Exception for One User
for success and failure
How to Preselect Audit Classes
preselection
Audit Terminology and Concepts
process preselection mask
Process Audit Characteristics
replacing
How to Preselect Audit Classes
sstore
Viewing Audit Data in the Statistics Store
New Feature – Displaying Auditing Data Graphically
sstore Audit Meta-Class
syntax
Audit Class Syntax
Audit Classes
user exceptions
How to Configure a User's Audit Characteristics
Audit Configuration rights profile
Rights Profiles for Administering Auditing
How to Audit All Commands by Users
How to Add an Audit Class
How to Change Audit Policy
How to Preselect Audit Classes
New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
displaying auditing defaults
Displaying Audit Service Defaults
Audit Control rights profile
Rights Profiles for Administering Auditing
How to Compress Audit Files on a Dedicated File System
Enabling and Disabling the Audit Service
refreshing audit service
Example: Configuring Oracle Solaris Auditing
audit directory
creating file systems for
How to Create ZFS File Systems for Audit Files
audit event-to-class mappings
changing
How to Change an Audit Event's Class Membership
audit events
asynchronous
Audit Policies for Asynchronous and Synchronous Events
Audit Events
attributable
Audit Events
audit_event file and
Audit Events
changing class membership
How to Change an Audit Event's Class Membership
description
Audit Events
logging
Specifying Files or Directories to Be Audited
New Feature – Per-Object Logging of Audit Events
mapping to classes
Audit Classes and Preselection
non-attributable
Audit Events
removing from audit_event file
How to Prevent the Auditing of Specific Events
selecting from audit trail
Selecting Audit Events to Be Displayed
selecting from audit trail in zones
Auditing and Oracle Solaris Zones
selecting multiple events
New Feature – Reviewing Multiple Audit Events
summary
Audit Terminology and Concepts
synchronous
Audit Policies for Asynchronous and Synchronous Events
Audit Events
verified boot impact
New Feature – Auditing Verified Boot
viewing from binary files
Viewing the Contents of Binary Audit Files
audit file system
description
Audit Terminology and Concepts
audit files
combining
How to Merge Audit Files From the Audit Trail
compressing on disk
How to Compress Audit Files on a Dedicated File System
copying messages to single file
Merging Selected Records to a Single File
creating summary files
Merging Selected Records to a Single File
Copying One User's Audit Records to a Summary File
Combining and Reducing Audit Files
effects of Coordinated Universal Time (UTC)
How to Merge Audit Files From the Audit Trail
limiting size of
Binary Audit File Sizes Grow Without Limit
managing
Preventing Audit Trail Overflow
printing
Printing the Entire Audit Trail
reading with praudit
Viewing the Contents of Binary Audit Files
reducing size of
How to Merge Audit Files From the Audit Trail
reducing space requirements
Cost of Storage of Audit Data
reducing storage-space requirements
Auditing Efficiently
setting aside disk space for
How to Create ZFS File Systems for Audit Files
time stamps
Conventions for Binary Audit File Names
ZFS file systems
How to Create ZFS File Systems for Audit Files
How to Compress Audit Files on a Dedicated File System
audit flags
setting and displaying
New Feature – Auditing Events Temporarily
summary of
Audit Terminology and Concepts
audit logs
See Also audit files
comparing binary and text summaries
Audit Logs
configuring
Configuring Local Audit Logs
configuring text summary audit logs
How to Configure syslog for the audit_syslog Plugin
modes
Audit Logs
audit plugins
audit_binfile plugin
Configuring Audit Space for the Audit Trail and Audit Files
audit_remote plugin
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
audit_syslog plugin
How to Configure syslog for the audit_syslog Plugin
description
Audit Terminology and Concepts
summary of
Audit Plugins
Audit Service Man Pages
audit policy
audit tokens from
Audit Policy
defaults
Understanding Audit Policy
description
Audit Terminology and Concepts
displaying defaults
Displaying Audit Service Defaults
effects of
Understanding Audit Policy
public
Effects of Audit Policy Options
setting
How to Change Audit Policy
setting ahlt
Setting the ahlt Audit Policy Option
setting arge
How to Audit All Commands by Users
setting argv
How to Audit All Commands by Users
setting in global zone
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
setting perzone
Setting the perzone Audit Policy
that does not affect tokens
Audit Policy
tokens added by
Audit Policy
audit preselection mask
modifying for existing users
How to Update the Preselection Mask of Logged In Users
modifying for individual users
How to Configure a User's Audit Characteristics
audit queue
events included
Audit Classes and Preselection
audit queue controls
displaying defaults
Displaying Audit Service Defaults
audit records
/var/adm/auditlog file
How to Configure syslog for the audit_syslog Plugin
adding annotations
New Feature – Annotating Reason for Access in the Audit Record
converting to readable format
Viewing a Specific Audit File
copying to single file
Merging Selected Records to a Single File
description
Audit Terminology and Concepts
displaying
Viewing the Contents of Binary Audit Files
displaying definitions of
procedure
Displaying Audit Record Definitions
displaying formats of a program
Displaying the Audit Record Definitions of a Program
displaying formats of an audit class
Displaying the Audit Record Definitions of an Audit Class
displaying in XML format
Putting Audit Records in XML Format
displaying summary of successful privileged execution records
New Feature – Viewing a Summary of Audit Records
New Feature – Filtering Audit Records by Functional Area
New Feature – Per-Privilege Logging of Audit Events
events that generate
How Does Auditing Work?
format
Audit Record Structure
formatting example
Displaying Audit Record Definitions
merging
How to Merge Audit Files From the Audit Trail
overview
Audit Records and Audit Tokens
policies that add tokens to
Audit Policy
reducing audit file size
How to Merge Audit Files From the Audit Trail
sequence of tokens
Audit Record Structure
audit remote server
configuring
How to Configure a Remote Repository for Audit Files
description of
Audit Remote Server
managing
Managing the Audit Remote Server
sending files to
How to Send Audit Files to a Remote Repository
Audit Review rights profile
Rights Profiles for Administering Auditing
New Feature – Displaying Auditing Data Graphically
audit service
See Also auditing
administrative audit events
How to Audit Significant Events in Addition to Login/Logout
audit trail creation
Audit Trail
auditing privileged users
How to Audit Significant Events in Addition to Login/Logout
configuring policy
How to Change Audit Policy
cusa audit class
How to Audit Significant Events in Addition to Login/Logout
defaults
Audit Service
disabling
Enabling and Disabling the Audit Service
enabling
Enabling and Disabling the Audit Service
policy
Understanding Audit Policy
refreshing the kernel
Example: Configuring Oracle Solaris Auditing
significant event auditing
How to Audit Significant Events in Addition to Login/Logout
troubleshooting
Audit Records Are Not Being Logged
audit session ID
definition
Process Audit Characteristics
overview
What Is Auditing?
audit tags
New Feature – Filtering Audit Records by Functional Area
audit tokens
See Also individual audit token names
added by audit policy
Audit Policy
audit record format
Audit Record Structure
description
Audit Records and Audit Tokens
Audit Terminology and Concepts
format
Audit Token Formats
audit trail
adding disk space
Configuring Audit Space for the Audit Trail and Audit Files
analysis costs
Cost of Analysis of Audit Data
cleaning up not_terminated files
How to Clean Up a not_terminated Audit File
creating summary files
Copying One User's Audit Records to a Summary File
Combining and Reducing Audit Files
description
Audit Terminology and Concepts
effect of audit policy
Understanding Audit Policy
including annotations
New Feature – Annotating Reason for Access in the Audit Record
monitoring in real time
Auditing Efficiently
overview
Flow of Auditing
preventing overflow
Preventing Audit Trail Overflow
reducing size of
Volume of Audit Records Is Large
How to Compress Audit Files on a Dedicated File System
restricting access using labels
New Feature – Restricting Access to Audit Records With File Labeling
selecting events from
Selecting Audit Events to Be Displayed
sending files to remote repository
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
tracking annotations
Tracking Annotations in an Audit Trail
viewing events from
Viewing the Contents of Binary Audit Files
viewing events from different zones
Auditing and Oracle Solaris Zones
audit user ID
mechanism
Process Audit Characteristics
overview
What Is Auditing?
audit.notice entry
syslog.conf file
How to Configure syslog for the audit_syslog Plugin
audit command
disabling audit service
Enabling and Disabling the Audit Service
options
Audit Service Man Pages
refreshing audit service
Example: Configuring Oracle Solaris Auditing
audit_binfile plugin
Audit Plugin Modules
getting attributes
Specifying Several Changes to an Audit Plugin
Limiting File Size for the audit_binfile Plugin
limiting audit file size
Limiting File Size for the audit_binfile Plugin
setting attributes
Configuring Audit Space for the Audit Trail and Audit Files
setting free space warning
Setting a Soft Limit for Warnings
specifying time for log rotation
Specifying Time for Log Rotation
audit_class file
adding a class
How to Add an Audit Class
troubleshooting
Creating a New Audit Class
audit_event file
changing class membership
How to Change an Audit Event's Class Membership
description
Audit Events
removing events safely
How to Prevent the Auditing of Specific Events
audit_flags keyword
How to Audit Significant Events in Addition to Login/Logout
How to Configure a User's Audit Characteristics
specifying user exceptions to audit preselection
How to Configure a User's Audit Characteristics
use
Audit Class Syntax
using caret (^) prefix
Modifying Audit Preselection Exception for One User
audit_remote plugin
Audit Plugin Modules
configuring
How to Configure a Remote Repository for Audit Files
getting attributes
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
setting attributes
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
troubleshooting audit queue overfull
Tuning the Audit Queue Buffer Size
audit_syslog plugin
Audit Plugin Modules
setting attributes
How to Configure syslog for the audit_syslog Plugin
audit_warn script
configuring
How to Configure the audit_warn Email Alias
description
Audit Service Man Pages
auditconfig command
adding audit file systems
Configuring Audit Space for the Audit Trail and Audit Files
audit classes as arguments
Audit Classes and Preselection
configuring policy
How to Change Audit Policy
description
Audit Service Man Pages
displaying audit defaults
Displaying Audit Service Defaults
–getplugin option
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
How to Configure syslog for the audit_syslog Plugin
–lsclass option
New Feature – Listing the Available Audit Classes
–lsevent option
New Feature – Listing Audit Events by Audit Class
–p_flags option
New Feature – Flexible Per-Plugin Configuration of Audit Classes
policy options
How to Change Audit Policy
preselecting audit classes
How to Preselect Audit Classes
sending files to remote repository
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
–setflags option
How to Preselect Audit Classes
–setnaflags option
How to Preselect Audit Classes
–setplugin option
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
How to Configure syslog for the audit_syslog Plugin
setting active audit policy
Setting a Temporary Audit Policy
setting audit policy
How to Audit All Commands by Users
setting audit policy temporarily
Setting a Temporary Audit Policy
setting audit_binfile attributes
Configuring Audit Space for the Audit Trail and Audit Files
setting audit_remote attributes
How to Send Audit Files to a Remote Repository
How to Configure a Remote Repository for Audit Files
setting system-wide audit parameters
Audit Classes and Preselection
–t option
New Feature – Auditing Events Temporarily
viewing default audit preselection
How to Preselect Audit Classes
auditd daemon
refreshing audit service
Example: Configuring Oracle Solaris Auditing
auditing
adding audit flags to a group of users
Creating a Rights Profile for a Group of Users
all commands by users
How to Audit All Commands by Users
analysis
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
audit remote server
Managing the Audit Remote Server
auditors' perspective
Best Practices for Auditing Core System Files
changes in current release
What's New in the Audit Service in Oracle Solaris 11.4
configuring
all zones
Configuring the Audit Service
global zone
Setting the ahlt Audit Policy Option
identically for all zones
How to Configure All Zones Identically for Auditing
per zone
How to Configure Per-Zone Auditing
configuring in global zone
Implementing One Audit Service for All Zones
crontab editing failure
crontab File Editing Fails With Audit Context Error
crontab files
crontab File Editing Fails With Audit Context Error
customizing
Selecting What Is Audited
default configuration
Default Configuration of the Audit Service
defaults
Audit Service
determining if running
Audit Records Are Not Being Logged
disabling
Enabling and Disabling the Audit Service
enabling
Enabling and Disabling the Audit Service
finding changes to specific files
How to Find Audit Records of Changes to Specific Files
local definition
Audit Terminology and Concepts
logins
Logins From Other Operating Systems Not Being Audited
man page summaries
Audit Service Man Pages
planning
Concepts in Planning Auditing
planning in zones
Planning Auditing in Zones
plugin modules
Audit Plugin Modules
plugin to Oracle Audit Vault and Database Firewall
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
post-selection definition
Audit Terminology and Concepts
preselection definition
Audit Terminology and Concepts
remote definition
Audit Terminology and Concepts
reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles for
Rights Profiles for Administering Auditing
sftp file transfers
How to Audit FTP and SFTP File Transfers
troubleshooting
Troubleshooting the Audit Service
troubleshooting praudit command
Processing praudit Output With a Script
updating information
Example: Configuring Oracle Solaris Auditing
Example: Configuring Oracle Solaris Auditing
zones and
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
auditlog file
text audit records
How to Configure syslog for the audit_syslog Plugin
auditrecord command
[] (square brackets) in output
Audit Record Analysis
checking verified boot settings
New Feature – Auditing Verified Boot
description
Audit Service Man Pages
displaying audit record definitions
Displaying Audit Record Definitions
example
Displaying Audit Record Definitions
listing all formats
Displaying Audit Record Definitions
listing formats of class
Displaying the Audit Record Definitions of an Audit Class
listing formats of program
Displaying the Audit Record Definitions of a Program
optional tokens ([])
Audit Record Analysis
auditreduce command
–A option
Copying Audit Files to a Summary File
auditing verified boot events
New Feature – Auditing Verified Boot
–b option
Combining and Reducing Audit Files
–c option
Merging Selected Records to a Single File
Merging Selected Records to a Single File
–C option
Copying Audit Files to a Summary File
cleaning up audit files
How to Clean Up a not_terminated Audit File
–d option
Merging Selected Records to a Single File
–D option
Copying Audit Files to a Summary File
description
Audit Service Man Pages
–e option
Copying One User's Audit Records to a Summary File
examples
How to Merge Audit Files From the Audit Trail
filtering options
Selecting Audit Events to Be Displayed
–m option
New Feature – Reviewing Multiple Audit Events
merging audit records
How to Merge Audit Files From the Audit Trail
–o option
Tracking Annotations in an Audit Trail
–O option
Copying Audit Files to a Summary File
How to Merge Audit Files From the Audit Trail
Copying One User's Audit Records to a Summary File
selecting annotations
Tracking Annotations in an Audit Trail
selecting audit records
Selecting Audit Events to Be Displayed
–t option
New Feature – Filtering Audit Records by Functional Area
time stamp use
How to Merge Audit Files From the Audit Trail
using lowercase options
Selecting Audit Events to Be Displayed
using uppercase options
How to Merge Audit Files From the Audit Trail
auditstat command
description
Audit Service Man Pages
auid
See immutable audit user ID
B
binary and remote records
About Binary Records
C
caret (^)
in audit class prefixes
How to Configure a User's Audit Characteristics
using prefix in audit_flags value
Modifying Audit Preselection Exception for One User
changing
audit_class file
How to Add an Audit Class
audit_event file
How to Change an Audit Event's Class Membership
auditing defaults
How to Preselect Audit Classes
classes
See audit classes
cleaning up
binary audit files
How to Clean Up a not_terminated Audit File
cnt audit policy
description
Effects of Audit Policy Options
with ahlt policy
Audit Policies for Asynchronous and Synchronous Events
combining audit files
auditreduce command
How to Merge Audit Files From the Audit Trail
from different zones
Auditing and Oracle Solaris Zones
compressing
audit files on disk
How to Compress Audit Files on a Dedicated File System
configuration decisions
auditing
file storage
Planning Disk Space for Audit Records
policy
Understanding Audit Policy
remote file storage
Preparing to Stream Audit Records to Remote Storage
who and what to audit
How to Plan Who and What to Audit
zones
Planning Auditing in Zones
configuration files
auditing
Audit Service Man Pages
configured audit policy
permanent audit policy
How to Change Audit Policy
configuring
active audit policy
Setting a Temporary Audit Policy
ahlt audit policy
Setting the ahlt Audit Policy Option
audit policy
How to Change Audit Policy
audit classes
How to Preselect Audit Classes
audit logs task map
Configuring the audit_binfile and audit_syslog Plugins
audit policy
How to Change Audit Policy
audit policy temporarily
Setting a Temporary Audit Policy
audit trail overflow prevention
Preventing Audit Trail Overflow
audit_class file
How to Add an Audit Class
audit_event file
How to Change an Audit Event's Class Membership
audit_warn script
How to Configure the audit_warn Email Alias
auditing
Configuring the Audit Service
auditing in zones
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
auditing reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
auditing task map
Configuring the Audit Service
identical auditing for non-global zones
How to Configure All Zones Identically for Auditing
per-zone auditing
How to Configure Per-Zone Auditing
perzone audit policy
Setting the perzone Audit Policy
space for audit trail
Configuring Audit Space for the Audit Trail and Audit Files
text summaries of audit records
How to Configure syslog for the audit_syslog Plugin
converting
audit records to readable format
Viewing a Specific Audit File
Coordinated Universal Time (UTC)
time stamp use in auditing
Conventions for Binary Audit File Names
How to Merge Audit Files From the Audit Trail
copying audit records to single file
Merging Selected Records to a Single File
core files
auditing changes to
Best Practices for Auditing Core System Files
cost control
and auditing
Controlling Auditing Costs
creating
audit trail
Audit Trail
rights profile for a group of users
Creating a Rights Profile for a Group of Users
storage for binary audit files
How to Create ZFS File Systems for Audit Files
cusa
audit class
How to Audit Significant Events in Addition to Login/Logout
Collecting Audit Records for External Auditors
D
defaults
audit service
Audit Service
deleting
archived audit files
Preventing Audit Trail Overflow
audit files
How to Merge Audit Files From the Audit Trail
not_terminated
audit files
How to Clean Up a not_terminated Audit File
determining
audit ID of a user
How to Update the Preselection Mask of Logged In Users
whether auditing is running
Audit Records Are Not Being Logged
disabling
audit policy
How to Change Audit Policy
audit service
Enabling and Disabling the Audit Service
disk space requirements
audit files
How to Create ZFS File Systems for Audit Files
Cost of Storage of Audit Data
displaying
audit events for specified audit flags
New Feature – Listing Audit Events by Audit Class
audit policies
How to Change Audit Policy
audit policy defaults
Displaying Audit Service Defaults
audit queue controls
Displaying Audit Service Defaults
audit record definitions
Displaying Audit Record Definitions
audit records
Viewing the Contents of Binary Audit Files
audit records in XML format
Putting Audit Records in XML Format
auditing defaults
Displaying Audit Service Defaults
definition of audit records
Displaying Audit Record Definitions
exceptions to system-wide auditing
Displaying Audit Service Defaults
selected audit records
How to Merge Audit Files From the Audit Trail
E
/etc/security/audit_event
file
audit events and
Audit Events
/etc/syslog.conf
file
auditing and
How to Configure syslog for the audit_syslog Plugin
efficiency
auditing and
Auditing Efficiently
enabling
audit service
Enabling and Disabling the Audit Service
environment variables
presence in audit records
Effects of Audit Policy Options
event
description
Audit Events
events
auditing significant
How to Audit Significant Events in Addition to Login/Logout
cusa
audit class
How to Audit Significant Events in Addition to Login/Logout
F
failure and success events
audit class prefix
Audit Class Syntax
file transfers
auditing
How to Audit FTP and SFTP File Transfers
files
See Also
audit files
audit_class
Audit Service Man Pages
audit_event
Audit Service Man Pages
auditing modifications to
How to Find Audit Records of Changes to Specific Files
public objects
Audit Terminology and Concepts
specifying files to be audited
Specifying Files or Directories to Be Audited
New Feature – Per-Object Logging of Audit Events
filtering audit records
See
audit tags
flags
line
process preselection mask
Process Audit Characteristics
format of audit records
auditrecord
command
Displaying Audit Record Definitions
ftp
command
logging file transfers
How to Audit FTP and SFTP File Transfers
G
group
audit policy
and
group
token
Effects of Audit Policy Options
description
Effects of Audit Policy Options
H
hard disk
space requirements for auditing
Cost of Storage of Audit Data
I
IDs
audit
mechanism
Process Audit Characteristics
overview
What Is Auditing?
audit session
Process Audit Characteristics
immutable audit user ID
See
audit user ID
See
audit user ID
K
keywords
audit_flags
How to Audit Significant Events in Addition to Login/Logout
L
labeled_only
audit policy
and
label
token
Effects of Audit Policy Options
description
Effects of Audit Policy Options
labeling
use to restrict access to audit trail
New Feature – Restricting Access to Audit Records With File Labeling
limiting
audit file size
Binary Audit File Sizes Grow Without Limit
local auditing
Audit Terminology and Concepts
log files
/var/adm/messages
Troubleshooting the Audit Service
/var/log/syslog
Troubleshooting the Audit Service
audit records
Viewing a Specific Audit File
Audit Logs
configuring for audit service
How to Configure syslog for the audit_syslog Plugin
logadm
command
archiving text summary audit files
Preventing Audit Trail Overflow
logging
audit events
Specifying Files or Directories to Be Audited
New Feature – Per-Object Logging of Audit Events
ftp
file transfers
How to Audit FTP and SFTP File Transfers
logging in
auditing logins
Logins From Other Operating Systems Not Being Audited
logins
audited for annotation
PAM Supports Annotation of Logins
PAM support of annotation
PAM Supports Annotation of Logins
M
Mail Management rights profile
How to Configure the audit_warn Email Alias
man pages
audit service
Audit Service Man Pages
managing
audit files
Preventing Audit Trail Overflow
How to Merge Audit Files From the Audit Trail
audit records task map
Managing Audit Records on Local Systems
audit trail overflow
Preventing Audit Trail Overflow
auditing in zones
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
mappings
events to classes (auditing)
Audit Classes and Preselection
mask (auditing)
description of process preselection
Process Audit Characteristics
merging
binary audit records
How to Merge Audit Files From the Audit Trail
minus sign (-)
audit class prefix
Audit Class Syntax
modifying
user security attributes
How to Configure a User's Audit Characteristics
monitoring
audit trail in real time
Auditing Efficiently
N
naming conventions
audit files
Conventions for Binary Audit File Names
never-audit
classes
process preselection mask
Process Audit Characteristics
new features
auditing enhancements
What's New in the Audit Service in Oracle Solaris 11.4
newaliases
command
How to Configure the audit_warn Email Alias
O
Oracle Audit Vault and Database Firewall
plugging in auditing
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
overflow prevention
audit trail
Preventing Audit Trail Overflow
P
–p_flags
option
See
auditconfig
command
path
audit policy
description
Effects of Audit Policy Options
pe
audit class
See
privileged execution audit class
permanent audit policy
configured audit policy
How to Change Audit Policy
perzone
audit policy
description
Effects of Audit Policy Options
setting
Setting the perzone Audit Policy
using
Auditing and Oracle Solaris Zones
How to Configure Per-Zone Auditing
Implementing One Audit Service Per Zone
when to use
Auditing on a System With Oracle Solaris Zones
planning
auditing
Concepts in Planning Auditing
auditing in zones
Planning Auditing in Zones
plugins
auditing
Audit Plugin Modules
plus sign (+) in audit class prefixes
Audit Class Syntax
How to Configure syslog for the audit_syslog Plugin
policies
for auditing
Understanding Audit Policy
that add tokens to audit records
Audit Policy
policy
audited commands
How to Audit Significant Events in Addition to Login/Logout
policy.conf
file
configuring annotations
Configuring Annotation for All Users
post-selection in auditing
Audit Terminology and Concepts
praudit
command
converting audit records to readable format
Viewing a Specific Audit File
description
Audit Service Man Pages
piping
auditreduce
output to
Printing the Entire Audit Trail
using in a script
Processing praudit Output With a Script
viewing audit records
Viewing the Contents of Binary Audit Files
XML format
Putting Audit Records in XML Format
prefixes for audit classes
Audit Class Syntax
preselecting
audit classes
How to Preselect Audit Classes
preselection in auditing
Audit Terminology and Concepts
preselection mask (auditing)
description
Process Audit Characteristics
preventing audit trail overflow
Preventing Audit Trail Overflow
printing
audit log
Printing the Entire Audit Trail
privileged execution audit class
New Feature – Per-Privilege Logging of Audit Events
process audit characteristics
audit session ID
Process Audit Characteristics
audit user ID
Process Audit Characteristics
process preselection mask
Process Audit Characteristics
terminal ID
Process Audit Characteristics
process preselection mask
description
Process Audit Characteristics
processing time costs of audit service
Cost of Increased Processing Time of Audit Data
profiles
adding annotations
Configuring Annotation for Specific Users
public directories
auditing
Audit Terminology and Concepts
public objects
auditing
Audit Terminology and Concepts
public
audit policy
description
Effects of Audit Policy Options
read-only events
Effects of Audit Policy Options
R
readable audit record format
converting audit records to
Viewing a Specific Audit File
reducing
audit file size
How to Merge Audit Files From the Audit Trail
disk space required for audit files
How to Compress Audit Files on a Dedicated File System
storage-space requirements for audit files
Auditing Efficiently
refreshing audit service
Example: Configuring Oracle Solaris Auditing
remote auditing
Audit Terminology and Concepts
removing
audit events from
audit_event
file
How to Prevent the Auditing of Specific Events
replacing preselected audit classes
How to Preselect Audit Classes
rights
audit profiles
Rights Profiles for Administering Auditing
Rights Delegation rights profile
How to Audit All Commands by Users
rights profiles
Audit Configuration
How to Audit All Commands by Users
How to Add an Audit Class
How to Change Audit Policy
How to Preselect Audit Classes
New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
Audit Control
How to Compress Audit Files on a Dedicated File System
Audit Review
New Feature – Displaying Auditing Data Graphically
audit service and
Rights Profiles for Administering Auditing
Mail Management
How to Configure the audit_warn Email Alias
Rights Delegation
How to Audit All Commands by Users
Service Configuration
How to Add an Audit Class
New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
ZFS File System Management
How to Compress Audit Files on a Dedicated File System
ZFS Storage Management
How to Compress Audit Files on a Dedicated File System
roleadd
command
adding annotations
Configuring Annotation for Specific Users
rolemod
command
adding annotations
Configuring Annotation for Specific Users
root
role
crontab
auditing error message
crontab File Editing Fails With Audit Context Error
S
scripts
audit_warn
script
Audit Service Man Pages
How to Configure the audit_warn Email Alias
monitoring audit files example
Auditing Efficiently
processing
praudit
output
Processing praudit Output With a Script
security
auditing and
How Is Auditing Related to Security?
About Auditing in Oracle Solaris
selecting
actions to be audited
Selecting What Is Audited
audit classes
How to Preselect Audit Classes
audit records
Selecting Audit Events to Be Displayed
events from audit trail
Selecting Audit Events to Be Displayed
seq
audit policy
and
sequence
token
Effects of Audit Policy Options
description
Effects of Audit Policy Options
Service Configuration rights profile
How to Add an Audit Class
New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
Session Annotations
See
annotations
session ID
audit
Process Audit Characteristics
setting
ACL audit entries
Setting Audit ACL Entries
(example of)
Setting Audit ACL Entries
arge
policy
How to Audit All Commands by Users
argv
policy
How to Audit All Commands by Users
audit policy
How to Change Audit Policy
sftp
command
auditing file transfers
How to Audit FTP and SFTP File Transfers
site security policies
audit
How to Audit Significant Events in Addition to Login/Logout
size of audit files
reducing
How to Merge Audit Files From the Audit Trail
reducing storage-space requirements
Auditing Efficiently
SMF
auditd
service
Audit Service
square brackets ([])
auditrecord
output
Audit Record Analysis
sstore
meta-class
Viewing Audit Data in the Statistics Store
sstore Audit Meta-Class
starting auditing
Enabling and Disabling the Audit Service
StatsStore
contains auditing data
New Feature – Displaying Auditing Data Graphically
storage costs and auditing
Cost of Storage of Audit Data
storage overflow prevention
audit trail
Preventing Audit Trail Overflow
storing
audit files
How to Create ZFS File Systems for Audit Files
Planning Disk Space for Audit Records
audit files remotely
Preparing to Stream Audit Records to Remote Storage
success and failure events
audit class prefix
Audit Class Syntax
svcadm
command
restarting
How to Configure syslog for the audit_syslog Plugin
syslog.conf
file
audit.notice
level
How to Configure syslog for the audit_syslog Plugin
syslog
records
About syslog Audit Records
T
tail
command
example of use
Auditing Efficiently
task maps
configuring audit logs
Configuring the audit_binfile and audit_syslog Plugins
configuring auditing
Configuring the Audit Service
managing audit records
Managing Audit Records on Local Systems
planning auditing
Concepts in Planning Auditing
temporary audit policy
active audit policy
How to Change Audit Policy
setting
Setting a Temporary Audit Policy
terminal ID
audit
Process Audit Characteristics
time stamps
audit files
Conventions for Binary Audit File Names
trail
audit policy
and
trailer
token
Effects of Audit Policy Options
description
Effects of Audit Policy Options
troubleshooting
active plugin
No Audit Plugin Active
audit classes
customized
No Assigned Events to Audit Class
Creating a New Audit Class
auditing
Troubleshooting the Audit Service
praudit
command
Processing praudit Output With a Script
too many audit records in queue
Tuning the Audit Queue Buffer Size
U
UDP
using for remote audit logs
Audit Logs
user ID
audit ID and
Process Audit Characteristics
user ID and audit ID
What Is Auditing?
user_attr
database
adding annotations
Configuring Annotation for Specific Users
listing user exceptions to audit preselection
How to Configure a User's Audit Characteristics
user_attr
file
exceptions to system-wide audit classes
Audit Classes and Preselection
useradd
command
adding annotations
Configuring Annotation for Specific Users
useradm
command
adding annotations
Configuring Annotation for Specific Users
userattr
command
displaying exceptions to system-wide auditing
Displaying Audit Service Defaults
usermod
command
adding annotations
Configuring Annotation for Specific Users
audit_flags
keyword
How to Configure a User's Audit Characteristics
exceptions to system-wide auditing
Audit Classes and Preselection
specifying user exceptions to audit preselection
How to Configure a User's Audit Characteristics
using caret (^) prefix for
audit_flags
exception
Modifying Audit Preselection Exception for One User
users
auditing all commands
How to Audit All Commands by Users
auditing privileged
How to Audit Significant Events in Addition to Login/Logout
creating rights profile for a group
Creating a Rights Profile for a Group of Users
modifying audit preselection mask of
How to Configure a User's Audit Characteristics
V
/var/adm/auditlog
file
text audit records
How to Configure syslog for the audit_syslog Plugin
/var/adm/messages
file
troubleshooting auditing
Troubleshooting the Audit Service
/var/log/syslog
file
troubleshooting auditing
Troubleshooting the Audit Service
variables
adding to audit record
Effects of Audit Policy Options
verified boot
auditing impact of
New Feature – Auditing Verified Boot
viewing
audit record definitions
Displaying Audit Record Definitions
binary audit files
Viewing the Contents of Binary Audit Files
XML audit records
Putting Audit Records in XML Format
X
XML format
audit records
Putting Audit Records in XML Format
Z
ZFS File System Management rights profile
How to Compress Audit Files on a Dedicated File System
creating audit file systems
How to Create ZFS File Systems for Audit Files
ZFS file systems
creating for binary audit files
How to Create ZFS File Systems for Audit Files
ZFS Storage Management rights profile
How to Compress Audit Files on a Dedicated File System
creating pools for audit files
How to Create ZFS File Systems for Audit Files
zonename
audit policy
description
Effects of Audit Policy Options
using
Auditing and Oracle Solaris Zones
Implementing One Audit Service Per Zone
zones
auditing and
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
configuring auditing in global zone
Setting the ahlt Audit Policy Option
perzone
audit policy
Auditing and Oracle Solaris Zones
Implementing One Audit Service Per Zone
Auditing on a System With Oracle Solaris Zones
planning auditing in
Planning Auditing in Zones
zonename
audit policy
Auditing and Oracle Solaris Zones
Implementing One Audit Service Per Zone